Founder
AI Security
Runtime Protection
API Security
San Francisco
Series A
Ex-Signal Sciences
Profile
Forty-five minutes. Not eighteen days.
That single number tells you almost everything about what Jonathan DiVincenzo is doing at Impart Security. Before his platform, enterprise security teams deploying a new protection rule spent an average of eighteen days - getting approvals, testing in staging, coordinating with operations, eventually pushing to prod. Impart's AI does it in forty-five minutes. The math is a 96% reduction. The meaning is something else: security that can actually keep up with the threat.
DiVincenzo has spent his career close enough to this problem to know exactly where the frustration lives. Not in the research papers. Not in the conference keynotes. In the gap between knowing an attack vector exists and actually being able to block it before it hits production. That gap - what he calls the "last mile" of application protection - is what Impart was built to close.
He co-founded the company in 2021 with Marc Harrison (former Chief Architect at Signal Sciences) and Brian Joe (former Sr. Director at Signal Sciences, holder of 8 patents in distributed systems). Three people who had collectively built four WAF products, watched one of those companies get acquired for $825 million, and then sat down to ask: what would we build if we started from scratch, knowing everything we know now?
Career
Developer first. Product second. CEO by necessity.
DiVincenzo didn't start in security. He started writing code. His early career reads like a tour of institutions that needed people who could build things fast: Resource/Ammirati (an IBM company) from 2006, then senior application development at 21st Century Fox, then lead developer at The Wall Street Journal. These weren't security jobs. They were media and publishing jobs - the kind where you learn what happens when infrastructure breaks under real load from real users.
The pivot came at Edgecast Networks in 2011, where he moved into product management and spent three years learning how content delivery and network infrastructure actually worked at scale. When Verizon acquired Edgecast in 2014, DiVincenzo stayed on in the combined Verizon Digital Media Services organization - another lesson in what happens to a product when a large enterprise takes ownership of it.
Then came Signal Sciences. As VP of Product, DiVincenzo was in the room as the company grew from a scrappy WAF startup to a platform that fundamentally changed how the market thought about web application firewalls. Signal Sciences built a product that worked the way security teams actually operated, rather than the way vendors assumed they did. When Fastly acquired Signal Sciences in 2020 for $825 million, DiVincenzo had a front-row seat to what product-market fit at that level actually looks like.
He also had a clear view of what was still unsolved.
From our experience at Signal Sciences, we became familiar with the challenges of API security as an extension of the growth and disruption of the WAF market.
Jonathan DiVincenzo
The Company
Impart: where the WAF generation builds what comes next
Impart Security isn't a WAF. DiVincenzo is careful about that. It's a runtime protection platform - a layer that lives in production, watches what's actually happening to your applications and APIs in real time, and acts on it. The platform uses WebAssembly (WASM) isolation to develop and deploy security rules safely inside production environments without requiring the traditional staging-testing-approval cycle that stretches eighteen days into the calendar.
The technical bet on WebAssembly is worth noting. WASM is primarily known as a browser technology - a way to run compiled code securely inside a sandbox. DiVincenzo and team applied that same sandboxing principle to production security rule execution. It's an unconventional move that treats browser-era isolation primitives as enterprise security infrastructure.
The platform also protects LLM workloads - a signal that Impart was building for where the threat landscape was heading, not just where it had been. As AI-powered applications have proliferated, the attack surface has expanded in ways that traditional WAFs weren't designed for. Impart's architecture anticipated this.
By June 2025, the results were measurable: 2,400 security rules deployed across customer environments, 99.97% uptime, and the company had successfully defended multiple enterprise customers against coordinated application attacks - in minutes, not days. Investors noticed. Madrona's Karan Mehandru led the $12M Series A, joined by CRV and 8-Bit Capital. Total funding to date: approximately $27.5 million.
WASM
Isolation tech
WebAssembly sandboxing for safe production rule deployment - no staging required
96%
Faster deployment
Security rule deployment cut from 18 days to 45 minutes
AI
Autonomous operator
Platform manages production security changes without human oversight
LLM
Next frontier
Runtime protection extended to large language model workloads
Thinking
The security singularity: a flat line where a pyramid used to be
In September 2025, DiVincenzo published what might be his most provocative piece of writing: "We've Crossed the Security Singularity." The thesis is uncomfortable and specific. Historically, the threat landscape looked like a pyramid - many low-skill attackers at the base, a small number of elite hackers at the top. Organizations could reason about their risk accordingly.
DiVincenzo argues that AI has flattened that pyramid into a horizontal line. The variable that used to separate a script kiddie from a nation-state actor was expertise. AI has largely eliminated that variable. What remains is something more tractable and more alarming: prompt engineering ability.
His proof of concept is specific: any historical breach documented in the security literature - SolarWinds, Kaseya, the major documented intrusions - can now be recreated on OWASP Juice Shop (a deliberately vulnerable web application used for training) by someone with basic AI prompting skills in thirty to sixty minutes. The expertise barrier is gone. The attack surface hasn't changed. The pool of people capable of exploiting it has expanded by several orders of magnitude.
The conclusion he draws isn't panic - it's architecture. Organizations need behavioral analysis, true zero-trust, compressed incident response timelines, and updated risk assessments that reflect this new baseline. The argument is self-serving in the sense that Impart's platform addresses exactly this scenario. It's also a coherent read of where the industry is.
When AI can be trusted to manage production changes without oversight, it transforms from an assistant into an autonomous operator.
Jonathan DiVincenzo - Series A announcement, June 2025
Career Timeline
From developer to CEO: the long arc
2006 - 2008
Senior Developer at Resource/Ammirati, an IBM company - early career foundations in software development
2008 - 2010
Senior Application Developer at 21st Century Fox - building at media scale
2010 - 2011
Lead Developer at The Wall Street Journal - infrastructure for one of the world's most-read publications
2011 - 2014
Senior Product Manager at Edgecast Networks - pivot from engineering to product, learning CDN and network security
2014 - 2016
Product roles at Verizon Digital Media Services post-Edgecast acquisition - navigating enterprise scale
2016 - 2020
Vice President of Product Management at Signal Sciences - building the WAF that changed the market
2020
Signal Sciences acquired by Fastly for $825M - one of the landmark cybersecurity exits of the decade
2021
Co-founded Impart Security with Marc Harrison and Brian Joe - all three from Signal Sciences
2024
Presented at Black Hat 2024 on solving API security - the industry's flagship security conference
June 2025
Impart Security closes $12M Series A led by Madrona Ventures - total funding ~$27.5M
September 2025
Publishes "We've Crossed the Security Singularity" - an argument that AI has democratized sophisticated cyberattacks
Things Worth Knowing
- DiVincenzo started as a software developer - he's one of the rare security CEOs who can read the code his platform generates
- The founding team of Impart all came from Signal Sciences - an unusual density of shared operational context before starting a new company
- Impart operates with 27 employees while protecting major financial services firms and global entertainment conglomerates
- The company's domain is impart.ai - an early bet on AI branding before it was the default move in security
- His Columbia Executive MS bridges a career that started in code and evolved through product into company-building
- The Impart Twitter account is @impartsecurity rather than a personal handle - DiVincenzo maintains a lower profile than most startup CEOs of comparable standing
On Camera
Watch Jonathan DiVincenzo
Achievements
The record
- Co-founded Impart Security, raising $27.5M in total funding including a $12M Series A in 2025
- VP of Product at Signal Sciences through its $825M acquisition by Fastly in 2020
- Helped build four WAF products across his career at Edgecast, Verizon, Signal Sciences, and Impart
- Impart platform has deployed 2,400+ security rules maintaining 99.97% uptime
- Cut enterprise security rule deployment time from 18 days to 45 minutes
- Speaker at Black Hat 2024 - one of the security industry's most competitive speaking slots
- Published author at Dark Reading, Security Boulevard, and DevOps.com on cybersecurity topics
- Executive MS in Management from Columbia University
Sources & Links
Further reading
impart.ai - Impart Security website
"We've Crossed the Security Singularity" - DiVincenzo's September 2025 essay
$12M Series A announcement - BusinessWire, June 2025
Black Hat 2024 talk on API Security - YouTube
AI, API & Runtime Security interview - YouTube, October 2025
